From fe6d059212647338809998ddadbf4c876f600066 Mon Sep 17 00:00:00 2001 From: Adrian Bunk Date: Sun, 18 Aug 2019 18:00:31 +0300 Subject: shadow: musl now supports secure_getenv This fixed a potential security vulnerability on musl and made the patch obsolete. (From OE-Core rev: 30b6ae3084f63df437a4d6dd859bca674ca01e12) Signed-off-by: Adrian Bunk Signed-off-by: Richard Purdie --- ...002-gettime-Use-secure_getenv-over-getenv.patch | 71 ---------------------- meta/recipes-extended/shadow/shadow.inc | 1 - 2 files changed, 72 deletions(-) delete mode 100644 meta/recipes-extended/shadow/files/0002-gettime-Use-secure_getenv-over-getenv.patch diff --git a/meta/recipes-extended/shadow/files/0002-gettime-Use-secure_getenv-over-getenv.patch b/meta/recipes-extended/shadow/files/0002-gettime-Use-secure_getenv-over-getenv.patch deleted file mode 100644 index 8c8234d038..0000000000 --- a/meta/recipes-extended/shadow/files/0002-gettime-Use-secure_getenv-over-getenv.patch +++ /dev/null @@ -1,71 +0,0 @@ -From 3d921155e0a761f61c8f1ec37328724aee1e2eda Mon Sep 17 00:00:00 2001 -From: Chris Lamb -Date: Sun, 31 Mar 2019 15:59:45 +0100 -Subject: [PATCH 2/2] gettime: Use secure_getenv over getenv. - -Upstream-Status: Backport -Signed-off-by: Alex Kiernan ---- - README | 1 + - configure.ac | 3 +++ - lib/defines.h | 6 ++++++ - libmisc/gettime.c | 2 +- - 4 files changed, 11 insertions(+), 1 deletion(-) - -diff --git a/README b/README -index 952ac5787f06..26cfff1e8fa8 100644 ---- a/README -+++ b/README -@@ -51,6 +51,7 @@ Brian R. Gaeke - Calle Karlsson - Chip Rosenthal - Chris Evans -+Chris Lamb - Cristian Gafton - Dan Walsh - Darcy Boese -diff --git a/configure.ac b/configure.ac -index da236722766b..a738ad662cc3 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -110,6 +110,9 @@ AC_REPLACE_FUNCS(sgetgrent sgetpwent sgetspent) - AC_REPLACE_FUNCS(snprintf strcasecmp strdup strerror strstr) - - AC_CHECK_FUNC(setpgrp) -+AC_CHECK_FUNC(secure_getenv, [AC_DEFINE(HAS_SECURE_GETENV, -+ 1, -+ [Defined to 1 if you have the declaration of 'secure_getenv'])]) - - if test "$ac_cv_header_shadow_h" = "yes"; then - AC_CACHE_CHECK(for working shadow group support, -diff --git a/lib/defines.h b/lib/defines.h -index cded1417fd12..2fb1b56eca6b 100644 ---- a/lib/defines.h -+++ b/lib/defines.h -@@ -382,4 +382,10 @@ extern char *strerror (); - # endif - #endif - -+#ifdef HAVE_SECURE_GETENV -+# define shadow_getenv(name) secure_getenv(name) -+# else -+# define shadow_getenv(name) getenv(name) -+#endif -+ - #endif /* _DEFINES_H_ */ -diff --git a/libmisc/gettime.c b/libmisc/gettime.c -index 53eaf51670bb..0e25a4b75061 100644 ---- a/libmisc/gettime.c -+++ b/libmisc/gettime.c -@@ -52,7 +52,7 @@ - unsigned long long epoch; - - fallback = time (NULL); -- source_date_epoch = getenv ("SOURCE_DATE_EPOCH"); -+ source_date_epoch = shadow_getenv ("SOURCE_DATE_EPOCH"); - - if (!source_date_epoch) - return fallback; --- -2.17.1 - diff --git a/meta/recipes-extended/shadow/shadow.inc b/meta/recipes-extended/shadow/shadow.inc index 7f82d20826..acd753d0c1 100644 --- a/meta/recipes-extended/shadow/shadow.inc +++ b/meta/recipes-extended/shadow/shadow.inc @@ -12,7 +12,6 @@ UPSTREAM_CHECK_URI = "https://github.com/shadow-maint/shadow/releases" SRC_URI = "https://github.com/shadow-maint/shadow/releases/download/${PV}/${BP}.tar.gz \ file://shadow-4.1.3-dots-in-usernames.patch \ file://0001-Make-the-sp_lstchg-shadow-field-reproducible-re.-71.patch \ - file://0002-gettime-Use-secure_getenv-over-getenv.patch \ file://0001-configure.ac-fix-configure-error-with-dash.patch \ ${@bb.utils.contains('PACKAGECONFIG', 'pam', '${PAM_SRC_URI}', '', d)} \ " -- cgit 1.2.3-korg